Group homomorphic encryption represents one of the most important building
blocks in modern cryptography. It forms the basis of widely-used, more
sophisticated primitives, such as CCA2-secure encryption or secure multiparty
computation. Unfortunately, recent advances in quantum computation show that
many of the existing schemes completely break down once quantum computers reach
maturity (mainly due to Shor's algorithm). This leads to the challenge of
constructing quantum-resistant group homomorphic cryptosystems.
In this work, we prove the general impossibility of (abelian) group
homomorphic encryption in the presence of quantum adversaries, when assuming
the IND-CPA security notion as the minimal security requirement. To this end,
we prove a new result on the probability of sampling generating sets of finite
(sub-)groups if sampling is done with respect to an arbitrary, unknown
distribution. Finally, we provide a sufficient condition on homomorphic
encryption schemes for our quantum attack to work and discuss its
satisfiability in non-group homomorphic cases. The impact of our results on
recent fully homomorphic encryption schemes poses itself as an open question.Comment: 20 pages, 2 figures, conferenc